But you still don't, or can't, solve the fundamental issue of giving chatbots actual power to do things. And, if you can give the chatbots power to do the thing the customer wants, then the chatbot is likely the most inefficient way to do it. It should just be part of the website / app.
Giving them power you don't provide users means they need to be able to discriminate. Even humans are vulnerable to social engineering, but the nature of each human being different makes it not scalable. If you figure out an empowered chatbot's prompt injection soft spot, you could potentially scale the fraud, which is a dangerous problem.